[per-object-permissions] Fixed RLP perm checking so it now accepts the string app_label.perm_codename format correctly.

git-svn-id: http://code.djangoproject.com/svn/django/branches/per-object-permissions@3531 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2025-07-05 02:09:13 +00:00 · 2006-08-07 17:28:16 +00:00 · 2006-08-07 17:28:16 +00:00 · e8ea76b4c7
commit e8ea76b4c7
parent 18c889d8fb
1 changed files with 12 additions and 6 deletions
--- a/django/contrib/auth/models.py
+++ b/django/contrib/auth/models.py
@ -49,9 +49,9 @@ class Permission(models.Model):

 class RowLevelPermissionManager(models.Manager):
    def create_row_level_permission(self, model_instance, owner, permission, negative=False):
-        if isinstance(permission, str):
-            permission = Permission.objects.get(codename__exact=permission)
        model_ct=ContentType.objects.get_for_model(model_instance)        
+        if isinstance(permission, str):
+            permission = Permission.objects.get(codename__exact=permission, content_type=model_ct.id)
        if model_ct != permission.content_type:
            raise TypeError, "Invalid value: Permission content type(%s) and object content type(%s) do not match" % (permission.content_type, type_ct)
        
@ -111,7 +111,7 @@ class Group(models.Model):
    """
    name = models.CharField(_('name'), maxlength=80, unique=True)
    permissions = models.ManyToManyField(Permission, verbose_name=_('permissions'), blank=True, filter_interface=models.HORIZONTAL)
-    row_level_permissions_owned = models.GenericRelation(RowLevelPermission, object_id_field="owner_id", content_type_field="owner_ct", related_name="owner")
+    row_level_permissions_owned = models.GenericRelation(RowLevelPermission, object_id_field="owner_id", content_type_field="owner_ct", related_name="group")
    class Meta:
        verbose_name = _('group')
        verbose_name_plural = _('groups')
@ -260,11 +260,15 @@ class User(models.Model):
        return self._perm_cache

    def check_row_level_permission(self, permission, object):
+        object_ct=ContentType.objects.get_for_model(object)
        if isinstance(permission, str):
-            permission = Permission.objects.get(codename__exact=permission)
+            try:
+                permission = Permission.objects.get(codename__exact=permission, content_type=object_ct.id)
+            except Permission.DoesNotExist:
+                return False
        try:
            row_level_perm=self.row_level_permissions_owned.get(model_id=object.id, 
-                                                                    model_ct=ContentType.objects.get_for_model(object).id, 
+                                                                    model_ct=object_ct.id, 
                                                                    permission=permission.id)
        except RowLevelPermission.DoesNotExist:
            return self.check_group_row_level_permissions(permission, object)
@ -302,6 +306,7 @@ class User(models.Model):
                             ContentType.objects.get_for_model(object).id,
                             permission.id,])
        row = cursor.fetchone()
+
        if row is None:
            return None
        return not row[0]
@ -314,7 +319,8 @@ class User(models.Model):
        if self.is_superuser:
            return True
        if object and object._meta.row_level_permissions:
-            row_level_permission = self.check_row_level_permission(perm, object)
+            permission_str = perm[perm.index('.')+1:]
+            row_level_permission = self.check_row_level_permission(permission_str, object)
            if row_level_permission is not None:
                return row_level_permission
        return perm in self.get_all_permissions()